Age | Commit message (Collapse) | Author |
|
for us.
|
|
debugging. ok dtucker@
|
|
[auth2-chall.c ssh-keygen.c]
Fix compilation with -Wall -Werror (trivial type fixes)
|
|
[Makefile regress/forward-control.sh]
regress for AllowTcpForwarding local/remote; ok markus@
|
|
[regress/Makefile regress/keys-command.sh]
regress for AuthorizedKeysCommand; hints from markus@
|
|
[regress/cert-userkey.sh]
include a serial number when generating certs
|
|
[regress/cipher-speed.sh regress/try-ciphers.sh]
Add umac-128@openssh.com to the list of MACs to be tested
|
|
[regress/multiplex.sh]
Use 'kill -0' to test for the presence of a pid since it's more portable
|
|
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
[monitor.c monitor.h]
Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.
Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.
Fix multiple authentication when one of the methods is
keyboard-interactive.
ok markus@
|
|
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
[sshd_config.5]
make AllowTcpForwarding accept "local" and "remote" in addition to its
current "yes"/"no" to allow the server to specify whether just local or
remote TCP forwarding is enabled. ok markus@
|
|
[ssh-add.1 ssh-add.c]
make deleting explicit keys "ssh-add -d" symmetric with adding keys -
try to delete the corresponding certificate too and respect the -k option
to allow deleting of the key only; feedback and ok markus@
|
|
[ssh_config.5 sshconnect2.c]
Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
This allows control of which keys are offered from tokens using
IdentityFile. ok markus@
|
|
TAILQ_FOREACH_SAFE needed for upcoming changes.
|
|
[ssh-keygen.c]
allow the full range of unsigned serial numbers; 'fine' deraadt@
|
|
[auth2-pubkey.c]
fix username passed to helper program
prepare stdio fds before closefrom()
spotted by landry@
|
|
[moduli.5]
last stage of rfc changes, using consistent Rs/Re blocks, and moving the
references into a STANDARDS section;
|
|
[moduli.5]
fix formula
ok djm@
|
|
don't have it. Spotted by tim@.
|
|
openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
and gids from uidswap.c to the compat library, which allows it to work with
the new setresuid calls in auth2-pubkey. with tim@, ok djm@
|
|
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
[sshd_config.5]
Support multiple required authentication via an AuthenticationMethods
option. This option lists one or more comma-separated lists of
authentication method names. Successful completion of all the methods in
any list is required for authentication to complete;
feedback and ok markus@
|
|
[auth2-pubkey.c sshd.c sshd_config.5]
Remove default of AuthorizedCommandUser. Administrators are now expected
to explicitly specify a user. feedback and ok markus@
|
|
- jmc@cvs.openbsd.org 2012/10/31 08:04:50
[sshd_config.5]
tweak previous;
|
|
[auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
[sshd.c sshd_config sshd_config.5]
new sshd_config option AuthorizedKeysCommand to support fetching
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another specified via a new AuthorizedKeysCommandUser option.
patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@
|
|
- markus@cvs.openbsd.org 2012/10/05 12:34:39
[sftp.c]
fix signed vs unsigned warning; feedback & ok: djm@
|
|
the generated file as intended.
|
|
|
|
|
|
[regress/multiplex.sh]
use -Ocheck and waiting for completions by PID to make multiplexing test
less racy and (hopefully) more reliable on slow hardware.
|
|
[regress/multiplex.sh]
Log -O cmd output to the log file and make logging consistent with the
other tests. Test clean shutdown of an existing channel when testing
"stop".
|
|
[multiplex.sh]
Add test for ssh -Ostop
|
|
[regress/try-ciphers.sh]
Restore missing space. (Id sync only).
|
|
|
|
[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
add umac128 variant; ok djm@ at n2k12
(note: further Makefile work is required)
|
|
[ssh-keygen.c]
fix -z option, broken in revision 1.215
|
|
[monitor_wrap.c]
pasto; ok djm@
|
|
[ssh.1]
last stage of rfc changes, using consistent Rs/Re blocks, and moving the
references into a STANDARDS section;
|
|
[sftp.c]
Fix handling of filenames containing escaped globbing characters and
escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
|
|
[sftp.c]
Fix improper handling of absolute paths when PWD is part of the completed
path. Patch from Jean-Marc Robert via tech@, ok djm.
|
|
[sftp.c]
Add bounds check on sftp tab-completion. Part of a patch from from
Jean-Marc Robert via tech@, ok djm
|
|
[packet.c]
clear old keys on rekeing; ok djm
|
|
- djm@cvs.openbsd.org 2012/09/17 09:54:44
[sftp.c]
an XXX for later
|
|
[sshconnect.c]
remove unused variable
|
|
[servconf.c]
Fix comment line length
|
|
|
|
[clientloop.c]
when muxmaster is run with -N, make it shut down gracefully when a client
sends it "-O stop" rather than hanging around (bz#1985). ok djm@
|
|
[clientloop.c]
Merge escape help text for ~v and ~V; ok djm@
|
|
[clientloop.c]
Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
|
|
[ssh.1]
missing letter in previous;
|
|
[clientloop.c]
Make the escape command help (~?) context sensitive so that only commands
that will work in the current session are shown. ok markus@
(note: previous commit with this description was a mistake on my part while
pulling changes from OpenBSD)
|
|
work. From Ondřej Surý.
|